In a recently issued critical alert, the Internal Revenue Service (IRS), in collaboration with Security Summit partners, has raised the alarm for tax professionals nationwide regarding a sophisticated email scam. This deceptive scheme aims to acquire Electronic Filing Identification Numbers (EFINs) by masquerading as reputable tax software companies.
The scam operates by sending emails to tax professionals, falsely claiming to require verification of EFINs to continue processing tax returns. This ploy is part of a larger strategy by cybercriminals to gain access to sensitive client data and the personal information of tax preparers, thereby opening avenues to submit fraudulent tax return claims for refunds.
In response to this emerging threat, the IRS is stepping up its efforts to arm tax professionals with the necessary knowledge to safeguard against these attacks. A special series of educational webinars, set to commence on February 12 and run throughout the following week, has been announced. These sessions are designed to bolster the cybersecurity awareness of the tax community, with IRS cybersecurity experts leading the discussions.
IRS Commissioner Danny Werfel emphasized the timing of the scam, coinciding with the peak of filing season, as a strategic move by scammers to exploit tax professionals and taxpayers alike. He underscored the importance of heightened security measures within tax practices and urged vigilance against emails that may appear legitimate. “A little extra caution can mean a world of difference for tax professionals during this busy period,” Werfel stated.
Reports of the scam have been flooding in from tax professionals nationwide, who are being targeted with emails instructing them to fax EFIN documents to U.S.-based numbers or retrieve them from the IRS e-Services site. These fraudulent communications often contain telltale signs of their nefarious intent, such as linguistic inconsistencies and unexpected elements like a German footer.
The IRS strongly advises anyone receiving these emails to refrain from responding or following any instructions. Instead, tax professionals are encouraged to report the scam to the Treasury Inspector General for Tax Administration (TIGTA) and forward the email to phishing@irs.gov for further investigation.
In addition to the immediate measures for dealing with scam emails, the IRS has provided guidance on broader strategies for tax professionals to protect themselves and their clients from a range of phishing scams. This includes being on guard against attempts to steal not just EFINs but also Preparer Tax Identification Numbers (PTINs) and e-Services credentials.
As tax-related identity theft continues to evolve, staying informed and taking proactive steps to secure sensitive information becomes increasingly critical. The upcoming webinars offer a valuable opportunity for tax professionals to enhance their defenses against such threats. Registration details for these webinars, which are essential for anyone in the tax preparation industry, can be found on the IRS website. While spaces are limited and continuing education credits are not available, the knowledge gained could be instrumental in preventing data theft and ensuring the integrity of the tax filing process.
For small business owners and independent tax professionals, this warning serves as a crucial reminder of the constant vigilance required to protect against cyber threats. Implementing robust security practices and educating oneself on the latest scams are vital steps in safeguarding both their business and their client’s trust.
Image: IRS